Synology Vulnerabilities

294 results
CVE-2025-12686 [CRITICAL] Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-6 (EPSS 2.8%)
CVE-2021-29083 [HIGH] Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6. (EPSS 2.6%)
CVE-2019-11823 [HIGH] CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denia (EPSS 2.4%)
CVE-2017-12078 [HIGH] Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execu (EPSS 2.4%)
CVE-2021-31439 [HIGH] This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Au (EPSS 2.3%)
CVE-2018-13284 [HIGH] Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execut (EPSS 2.3%)
CVE-2018-13285 [HIGH] Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute ar (EPSS 2.3%)
CVE-2022-22687 [CRITICAL] Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation (EPSS 2.3%)
CVE-2019-11829 [HIGH] OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute (EPSS 2.2%)
CVE-2017-11156 Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which (EPSS 2.2%)
CVE-2021-26569 [CRITICAL] Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows r (EPSS 2.2%)
CVE-2016-10331 Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary file (EPSS 2.2%)
CVE-2021-27649 [CRITICAL] Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote at (EPSS 2.0%)
CVE-2017-12074 Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authentic (EPSS 2.0%)
CVE-2017-15894 Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before (EPSS 2.0%)
CVE-2017-15895 Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authent (EPSS 2.0%)
CVE-2017-12075 [HIGH] Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to e (EPSS 1.9%)
CVE-2017-15887 An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allow (EPSS 1.9%)
CVE-2021-34809 [CRITICAL] Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology D (EPSS 1.9%)
CVE-2021-29089 [CRITICAL] Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo (EPSS 1.9%)